CVE-2013-4783
Last modified
CVE-2013-4783 is a vulnerability of currently unknown severity. The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.". EPSS estimates a 3.38% chance of exploitation in the next 30 days.
Description
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Idrac6 Bmc | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-4783?
How severe is CVE-2013-4783?
How do I fix CVE-2013-4783?
Are you affected by CVE-2013-4783?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST